Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/django@2.1.15
Typepypi
Namespace
Namedjango
Version2.1.15
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.28
Latest_non_vulnerable_version6.0.5
Affected_by_vulnerabilities
0
url VCID-9mpt-zxaw-kkeg
vulnerability_id VCID-9mpt-zxaw-kkeg
summary multiple issues
references
0
reference_url https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/3.2/releases/security/
1
reference_url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-68w8-qjq3-2gfm
2
reference_url https://groups.google.com/forum/#!forum/django-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#!forum/django-announce
3
reference_url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2021/jun/02/security-releases/
4
reference_url https://security.archlinux.org/ASA-202106-41
reference_id ASA-202106-41
reference_type
scores
url https://security.archlinux.org/ASA-202106-41
5
reference_url https://security.archlinux.org/AVG-2026
reference_id AVG-2026
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2026
fixed_packages
0
url pkg:pypi/django@2.2.24
purl pkg:pypi/django@2.2.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51tx-4tp9-kbcz
1
vulnerability VCID-6jpg-yrf8-cufy
2
vulnerability VCID-9end-mq19-rke5
3
vulnerability VCID-attf-6gj8-ebaj
4
vulnerability VCID-drwp-htkk-bkfh
5
vulnerability VCID-fksk-pr23-2yd8
6
vulnerability VCID-n9vn-4uxr-hkau
7
vulnerability VCID-nss9-1yrb-x7f2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.24
1
url pkg:pypi/django@3.1.12
purl pkg:pypi/django@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pb2-tqru-uufs
1
vulnerability VCID-n9vn-4uxr-hkau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.1.12
2
url pkg:pypi/django@3.2.4
purl pkg:pypi/django@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29qk-rv5n-efbm
1
vulnerability VCID-2n2n-1fq2-7bbs
2
vulnerability VCID-4pb2-tqru-uufs
3
vulnerability VCID-4z4e-8ttu-tyd6
4
vulnerability VCID-51tx-4tp9-kbcz
5
vulnerability VCID-6jpg-yrf8-cufy
6
vulnerability VCID-9end-mq19-rke5
7
vulnerability VCID-am3f-c5ex-8ff2
8
vulnerability VCID-attf-6gj8-ebaj
9
vulnerability VCID-au8h-vj9k-pufv
10
vulnerability VCID-drwp-htkk-bkfh
11
vulnerability VCID-f4a7-tcz5-byfj
12
vulnerability VCID-fksk-pr23-2yd8
13
vulnerability VCID-fsaw-3ta1-x3dw
14
vulnerability VCID-m1dr-sjmw-jfd2
15
vulnerability VCID-m33h-4p9q-63fb
16
vulnerability VCID-n9vn-4uxr-hkau
17
vulnerability VCID-nss9-1yrb-x7f2
18
vulnerability VCID-qgp1-4efd-6yg6
19
vulnerability VCID-yuda-1mur-8bbq
20
vulnerability VCID-z6tf-z1y9-cydq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@3.2.4
aliases CVE-2021-33203, GHSA-68w8-qjq3-2gfm, PYSEC-2021-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mpt-zxaw-kkeg
Fixing_vulnerabilities
0
url VCID-pgtx-cdua-kfb4
vulnerability_id VCID-pgtx-cdua-kfb4
summary Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)
references
0
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
1
reference_url https://github.com/advisories/GHSA-hvmf-r92r-27hr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hvmf-r92r-27hr
2
reference_url https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/django-announce/GjGqDvtNmWQ
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R4HD22PVEVQ45H2JA2NXH443AYJOPL5/
4
reference_url https://security.gentoo.org/glsa/202004-17
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202004-17
5
reference_url https://security.netapp.com/advisory/ntap-20191217-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191217-0003/
6
reference_url https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/dec/02/security-releases/
7
reference_url http://www.openwall.com/lists/oss-security/2019/12/02/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/12/02/1
fixed_packages
0
url pkg:pypi/django@2.1.15
purl pkg:pypi/django@2.1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9mpt-zxaw-kkeg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.15
1
url pkg:pypi/django@2.2.8
purl pkg:pypi/django@2.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cp2-k4mn-8ffj
1
vulnerability VCID-51tx-4tp9-kbcz
2
vulnerability VCID-5q58-pzt4-8uey
3
vulnerability VCID-6jpg-yrf8-cufy
4
vulnerability VCID-9end-mq19-rke5
5
vulnerability VCID-9mpt-zxaw-kkeg
6
vulnerability VCID-attf-6gj8-ebaj
7
vulnerability VCID-drwp-htkk-bkfh
8
vulnerability VCID-fhp8-tck4-mye4
9
vulnerability VCID-fksk-pr23-2yd8
10
vulnerability VCID-hh9b-52xn-z7a9
11
vulnerability VCID-j81e-su1y-tqa6
12
vulnerability VCID-m4wa-xv9b-q7ce
13
vulnerability VCID-n9vn-4uxr-hkau
14
vulnerability VCID-na9w-xkvx-cbhd
15
vulnerability VCID-nss9-1yrb-x7f2
16
vulnerability VCID-q8r2-m9s6-rbek
17
vulnerability VCID-qvfs-2v1h-p3h4
18
vulnerability VCID-u9q1-63gf-7feh
19
vulnerability VCID-vdpf-jddk-syda
20
vulnerability VCID-z4x1-e7tp-rqhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.2.8
aliases CVE-2019-19118, GHSA-hvmf-r92r-27hr, PYSEC-2019-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgtx-cdua-kfb4
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.15